Dynamic Campus seeks an experienced, energetic, engaging and visionary cyber-security leader who wants to become part of an exciting, vibrant community of information technology professionals supporting our clients’ mission: providing a comprehensive, high-quality education that engages students in discovery through research and broad-based scholarship.
Information technology plays a vital and ever-expanding role in our partner institutions. Each institution's information technology environment is unique and diverse, with strong leadership and coordination from our Chief Information Officers (CIOs) and their direct reports. We are seeking a strong, knowledgeable cyber-security leader to provide vision, strategy, broad-based planning, and hands-on responsibility as CISO.
The CISO works closely with our client site CIOs, in support of institutional leadership, senior administration, academic leaders, and the campus community. The CISO is an advocate for our total information security needs and is responsible for the development and delivery of a comprehensive information security strategy to optimize the security posture of each of our clients. The CISO leads the development, implementation, and monitoring of security programs, facilitates information security awareness programs, advises senior leadership on security direction and resource investments, and designs appropriate policies to mitigate information security risk. The CISO will be asked to present emerging cyber-security trends to Cabinets, Boards, and at professional organizations and conferences.
The complexity of this position requires a leadership approach that is engaging, imaginative, and collaborative, with a sophisticated ability to work with other leaders to set the best balance between security strategies and other priorities at the campus level.
Responsible for the strategic leadership of our client institutions’ information security programs.
Provide guidance and counsel to our CIOs and key members of the institution’s leadership team, working closely with senior administration, academic leaders, and the campus community in defining objectives for information security, while building relationships and goodwill.
Promote collaborative, empowered working environments across campus, removing barriers and realizing possibilities.
Provide guidance and support to each CIO when cyber-security is a topic for the existing information technology governance processes.
Lead information security planning processes to establish an inclusive and comprehensive information security program for each client institution in support of academic and administrative information systems and technology.
Establish annual and long-range security and compliance goals, define security strategies, metrics, reporting mechanisms and program services; and create maturity models and a roadmap for continual program improvements.
Stay abreast of information security issues and regulatory changes affecting higher education at the state and national level, participate in national policy and practice discussions, and communicate to campus on a regular basis about those topics. Engage in professional development to maintain continual growth in professional skills and knowledge essential to the position.
Provide leadership philosophy for the Information Security Office to create a strong bridge between organizations, build respect for the contributions of all and bring groups together to share information and resources and create better decisions, policies and practices for the campus.
Represent our client universities on committees and boards associated with the Institution's System and in national and regional consortiums and collaborations.
Perform special projects and other duties as assigned.
Policy, Compliance and Audit
Lead the development and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
Lead efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for the University's information and technology systems.
Work with Internal Audit, State Board of Regents, Auditor General's Office and outside consultants as appropriate on required security assessments and audits.
Coordinate and track all information technology and security related audits including scope of audits, colleges/units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
Work with university leadership and relevant responsible compliance department leadership to build cohesive security and compliance programs for the university to effectively address state and federal statutory and regulatory requirements.
Develop a strategy for dealing with the increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, ITAR, HIPAA, and FISMA.
Outreach, Education and Training
Work closely with IT leaders, technical experts, deans and administrative leaders across campus on a wide variety of security issues that require an in-depth understanding of the IT environment in their units, as well as the research landscape and federal regulations that pertain to their unit's research areas.
Create education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
Work to build awareness and a sense of common purpose around security.
Pursue student security initiatives to address unique needs in protecting against identity theft, mobile social media security and online reputation program.
Risk Management and Incident Response
Keep abreast of security incidents and act as primary control point during significant information security incidents. Convene a Security Incident Response Team (SIRT) as needed, or requested, in addressing and investigating security incidents that arise.
Convene Ad Hoc Security Committee as appropriate and provide leadership for breach response and notification actions for the University.
Develop, implement and administer technical security standards, as well as a suite of security services and tools to address and mitigate security risk.
Provide leadership, direction and guidance in assessing and evaluating information security risks and monitor compliance with security standards and appropriate policies.
Examine impacts of new technologies on the Institution's overall information security. Establish processes to review implementation of new technologies to ensure security compliance.
Degree in business administration or a technology-related field required.
Professional security management certification
Minimum of five (5) years of experience in a combination of risk management, information security and IT jobs
Knowledge of common information security management frameworks, such as ISO/IEC 27001 and NIST.
Excellent written and verbal communication skills and high level of personal integrity
Strong presentation skills
Innovative thinking and leadership with an ability to lead and motivate cross-functional, interdisciplinary teams
Experience with contract and vendor negotiations and management including managed services.
Experience with Cloud computing/Elastic computing across virtualized environments.